News

These are the changes:- fixed vulnerability discovered by ADLab of Venustech (command injection, but requires admin access)- webdav display UPPER/CASE/FULL/PATH with some webdav client- standalone extplorer webdav does not work with PHP7- CVE-2016-4313: archive path traversal vulnerability in extplorer 2.1.9- #202 Users with read only permissions should not be able to extract archives.- added indonesian language files

The eXtplorer homepage has been renewed. I was using the old layout for around 4 years now and it was time to "refresh" it a little bit. Besides that I also upgraded the server to the latest Ubuntu LTS release and switched to a far more updated version of Redmine for this site.I hope you like it!

The eXtplorer 2.1.7 release has been updated to make eXtplorer installable under Joomla! 3.4.The XML manifest file for Joomla! 1.0/1.5 has been removed, so eXtplorer >= 2.1.7 can't be installed on these really old Joomla! version anymore.

Version 2.1.5 of eXtplorer is now available. This release fixes a vulnerability that allowed to access eXtplorer installations in Joomla! via the standalone interface bypassing the Joomla! authentication. Please update immediately if you're running eXtplorer in Joomla!

This morning we were notified of a problem within the authentication system of eXtplorer by Brendan Coles of itsecuritysolutions.org. Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 have found to be vulnerable to an authentication bypass bug. This bug has been fixed in the latest release of eXtplorer (2.1.3), which you should download and install/upgrade immediately!If you just want a quick fix, please download the attached file called users.php and put it into the eXtplorer subfolder "/include", in Joomla! installations it can be found under "/administrator/components/com_extplorer/include". Just replace the existing file with this new one.